PcVue MQTT Add-On Improper Certificate Validation Vulnerability

Vulnerability

A vulnerability exists in the MQTT add-on of PcVue due to improper validation of remote device certificates. The add-on fails to check whether a certificate has expired or is not yet valid, so a malicious device can present such a certificate without being rejected. While the issue can be mitigated by using client certificates, the flaw still poses a risk for devices that do not use them.
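
The validity-period check described above, as an added example (not PcVue's code and not part of the advisory): it tests certificate fields in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The function names, device names and dates are constructed for illustration.

```python
import ssl

# Constructed sample data (device names and dates are made up), in the dict
# shape returned by Python's ssl.SSLSocket.getpeercert().
SAMPLE_CERTS = {
    "sensor-ok": {"notBefore": "Jan  1 00:00:00 2025 GMT",
                  "notAfter": "Jan  1 00:00:00 2026 GMT"},
    "sensor-expired": {"notBefore": "Jan  1 00:00:00 2023 GMT",
                       "notAfter": "Jan  1 00:00:00 2024 GMT"},
    "sensor-future": {"notBefore": "Jan  1 00:00:00 2026 GMT",
                      "notAfter": "Jan  1 00:00:00 2027 GMT"},
    "sensor-garbled": {"notBefore": "Jan  1 00:00:00 2025 GMT",
                       "notAfter": "2026-01-01"},
}
# Constructed reference time so the result does not depend on the wall clock.
REFERENCE_NOW = ssl.cert_time_to_seconds("Jun  9 19:46:00 2025 GMT")


def check_validity(cert, now):
    """Return 'accept' or a 'reject: ...' reason for one certificate.

    now is seconds since the epoch (UTC). Fails closed: a certificate whose
    validity fields are missing or unparsable is rejected, not skipped.
    """
    try:
        not_before = ssl.cert_time_to_seconds(cert["notBefore"])
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    except (KeyError, TypeError, ValueError):
        return "reject: validity fields missing or unparsable"
    if not_before > not_after:
        return "reject: inverted validity window"
    if now < not_before:
        return "reject: not yet valid"
    if now > not_after:  # notAfter itself is still inside the window
        return "reject: expired"
    return "accept"


def audit(certs, now):
    """Map each device name to its validity verdict."""
    return {name: check_validity(cert, now) for name, cert in certs.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CERTS, REFERENCE_NOW).items():
        print(f"{name}: {verdict}")
```

This covers only the validity period; certificate chain and hostname verification are separate checks.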

Impact

Exploitation of this vulnerability could lead to unauthorized devices being accepted in the MQTT communication, potentially allowing them to interfere with the application or system.

Remediation

Users can upgrade to PcVue versions 16.2.5 or 16.3.0 to address this vulnerability. For PcVue 15 users, the fix is planned in version 15.2.12.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.6
exploitability: 6.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 1.4
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.